ConsumeWindowsEventLog

Description:

Registers a Windows Event Log Subscribe Callback to receive FlowFiles from Events on Windows. These can be filtered via channel and XPath.

Additional Details...

Tags:

ingest, event, windows

Properties:

In the list below, the names of required properties appear in bold. Any other properties (not in bold) are considered optional. The table also indicates any default values, and whether a property supports the NiFi Expression Language.

Display NameAPI NameDefault ValueAllowable ValuesDescription
ChannelchannelSystemThe Windows Event Log Channel to listen to.
Supports Expression Language: true (will be evaluated using variable registry only)
XPath Queryquery*XPath Query to filter events. (See https://msdn.microsoft.com/en-us/library/windows/desktop/dd996910(v=vs.85).aspx for examples.)
Supports Expression Language: true (will be evaluated using variable registry only)
Maximum Buffer SizemaxBuffer1048576The individual Event Log XMLs are rendered to a buffer. This specifies the maximum size in bytes that the buffer will be allowed to grow to. (Limiting the maximum size of an individual Event XML.)
Maximum queue sizemaxQueue1024Events are received asynchronously and must be output as FlowFiles when the processor is triggered. This specifies the maximum number of events to queue for transformation into FlowFiles.
Inactive duration to reconnectinactiveDurationToReconnect10 minsIf no new event logs are processed for the specified time period, this processor will try reconnecting to recover from a state where any further messages cannot be consumed. Such situation can happen if Windows Event Log service is restarted, or ERROR_EVT_QUERY_RESULT_STALE (15011) is returned. Setting no duration, e.g. '0 ms' disables auto-reconnection.
Supports Expression Language: true (will be evaluated using variable registry only)

Relationships:

NameDescription
successRelationship for successfully consumed events.

Reads Attributes:

None specified.

Writes Attributes:

NameDescription
mime.typeWill set a MIME type value of application/xml.

State management:

This component does not store state.

Restricted:

This component is not restricted.

Input requirement:

This component does not allow an incoming relationship.

System Resource Considerations:

None specified.